[Owasp-sanfran] Additional Presentation Announced at 1/25 OWASP Chapter Meeting

Anastasia Stamos anastasia at isecpartners.com
Thu Jan 18 17:13:18 EST 2007


Dear OWASP San Francisco,

A second presentation has been added to the agenda for the 1/25 San Francisco OWASP Chapter Meeting.

Patrick Stach, Director of Research and Development at Stach & Liu, will deliver "Commonly Overlooked Cryptographic Vulnerabilities in Web Applications".

Please see a revised agenda below, and if you have not already done so, RSVP to anastasia at isecpartners.com as there is limited space.

Thank you!


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


WHAT: San Francisco OWASP Chapter Meeting and Mixer

WHEN: Thursday, January 25th, 2007

6:00-6:30    Social (Food and Drinks) and Chapter Announcements

6:30-8:00    "XML Digital Signature and Encryption: Use and Abuse"
             Brad Hill, iSEC Partners

8:00-8:15    Q and A

8:15-8:45    "Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"
             Patrick Stach, Stach and Liu

8:45-9:00    Q and A and Meeting Wrap Up

WHERE: iSEC Partners offices, located at 115 Sansome Street, Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com)
We recommend arriving by public transit as parking is extremely limited.

WHY: To network, socialize and learn more about Web Application Security 

WHO: Brian Christian, Chapter President, will give chapter details, and Brad Hill and Patrick Stach will deliver the presentations.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"XML Digital Signature and Encryption: Use and Abuse"
Abstract:
The WS-Security set of standards is on the threshold of ubiquitous deployment, and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack, and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Security Consultant - Brad Hill

Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings to iSEC a decade-plus background working with Internet technologies, including serving as the lead developer of Web applications and frameworks for one of the premier private label recordkeeping and management companies in the financial services industry, where his responsibilities also included security training, policy development and compliance. With iSEC he has performed penetration testing and design review for a wide spectrum of products and technologies, most recently participating in the Final Security Review of Microsoft Windows Vista. Brad achieved the Certified Information Systems Security Professional (CISSP) credential in 2004.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"
Abstract:
This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against various authentication schemes to improper certificate generation.

Director of Research and Development - Patrick Stach

Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multinational financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry-leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.
 
Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.